Fortinet has issued an urgent advisory revealing a critical weakness in its FortiPAM and FortiSwitch Manager products that could allow attackers to sidestep authentication entirely through brute-force methods. Tracked as CVE-2025-49201, the flaw stems from a weak authentication mechanism in the Web Application Delivery (WAD) and Graphical User Interface (GUI) components, classified under CWE-1390. With […] The post FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process appeared first on Cyber Security News.

Fortinet disclosed a high-severity vulnerability in its FortiOS operating system on October 14, 2025, that could enable local authenticated attackers to execute arbitrary system commands. Tracked as CVE-2025-58325, the flaw stems from an incorrect provision of specified functionality (CWE-684) in the CLI component, potentially leading to privilege escalation. With a CVSS v3.1 score of 7.8 […] The post FortiOS CLI Command Bypass Vulnerability Let Attacker Execute System Commands appeared first on Cyber Security News.

Hackers can exploit vulnerabilities in signed UEFI shells to bypass Secure Boot protections on over 200,000 Framework laptops and desktops. According to Eclypsium, these vulnerabilities expose fundamental flaws in how modern systems trust boot components, potentially enabling persistent malware infections that evade detection. Disclosed recently to Framework, the issues stem from legitimate diagnostic tools that, […] The post UEFI Shell Vulnerabilities Could Allow Hackers to Bypass Secure Boot on 200,000+ Laptops appeared first on Cyber Security News.

Pixnapping, a novel class of side-channel attacks targeting Android devices that can covertly extract sensitive screen data, including two-factor authentication (2FA) codes from Google Authenticator in under 30 seconds. This exploit leverages Android’s core APIs and a hardware vulnerability in graphics processing units (GPUs), affecting nearly all modern Android phones without requiring special permissions, researchers […] The post New Pixnapping Attack Steals 2FA Codes From Google Authenticator Within 30 Seconds appeared first on Cyber Security News.

Ivanti has disclosed 13 vulnerabilities in its Endpoint Manager (EPM) software, including two high-severity flaws that could enable remote code execution and privilege escalation, urging customers to apply mitigations while patches remain in development. The announcement comes amid growing scrutiny of enterprise management tools, as attackers increasingly target them for supply chain compromises. Although no […] The post Ivanti Patches 13 Vulnerabilities in Endpoint Manager Allowing Remote Code Execution appeared first on Cyber Security News.

A critical vulnerability in the widely used Sudo utility has come under scrutiny following the public release of a proof-of-concept exploit, raising alarms for Linux system administrators worldwide. CVE-2025-32463 targets the chroot feature in Sudo versions 1.9.14 through 1.9.17, enabling local attackers to escalate privileges to root level with minimal effort. Discovered by security researcher […] The post New PoC Exploit Released for Sudo Chroot Privilege Escalation Vulnerability appeared first on Cyber Security News.

Elastic has disclosed a critical vulnerability in its Elastic Cloud Enterprise (ECE) platform that allows administrators with malicious intent to execute arbitrary commands and exfiltrate sensitive data. Tracked as CVE-2025-37729 under advisory ESA-2025-21, the flaw stems from improper neutralization of special elements in the Jinjava template engine. This issue affects multiple versions of ECE, potentially […] The post Elastic Cloud Enterprise Vulnerability Let Attackers Execute Malicious Commands appeared first on Cyber Security News.

OpenAI’s newly launched Guardrails framework, designed to enhance AI safety by detecting harmful behaviors, has been swiftly compromised by researchers using basic prompt injection methods. Released on October 6, 2025, the framework employs large language models (LLMs) to judge inputs and outputs for risks like jailbreaks and prompt injections, but experts from HiddenLayer demonstrated that […] The post Hackers Can Bypass OpenAI Guardrails Using a Simple Prompt Injection Technique appeared first on Cyber Security News.